RESEARCHERS from RSAC have demonstrated a way to bypass the safety protocols of Apple Intelligence using a Neural Execs prompt injection and Unicode manipulation, achieving a high success rate in their tests. By feeding gibberish inputs as universal triggers and encoding malicious output with a Unicode right-to-left override, they could bypass input and output filters and prompt the local LLM to reveal or manipulate data and functionality within third‑party apps integrated with Apple Intelligence.
In their experiments, they tested 100 random prompts and attained a 76% success rate, with RSAC noting that between 100,000 and 1 million users may be running potentially vulnerable apps. RSAC estimates there were at least 200 million Apple Intelligence‑capable devices in consumers’ hands as of December 2025, and protections were rolled out in the recent iOS 26.4 and macOS 26.4, according to RSAC Research. Apple was notified in October 2025, and there is currently no evidence of malicious exploitation[.]According to RSAC